SecureMyi.com Security and Systems Management Newsletter for the IBM i             May 13, 2015 - Vol 5, Issue 6

Feature Article

Easily Manage Your Journal Receivers with RMVJRNRCV

Code by Carsten Flensberg - Article by Dan Riehl - SecureMyi.com

When you decide to begin auditing security related events on your system to the QAUDJRN journal, or when you start journaling changes to physical files, data areas or data queues, you must also decide how you are going to manage the online retention of the journal's receivers.

The journal receivers are the storage areas used for the audit records generated by system auditing or database journaling. If left unchecked, these journal receivers will continue to expand in size and number, and may ultimately consume all of your available disk space.

When you want to control how long journal receivers are available online, you will want to "age" the receivers. For example, if you want to keep five days' worth of transactions online, you can either manually delete the old receivers or run the RMVJRNRCV (Remove Journal Receivers) CL command presented here.

The Remove Journal Receivers (RMVJRNRCV) command lets you age the receivers and optionally connect the journal to a new receiver.

You can run this command from a command line, or better yet, place the command in your job scheduler to ensure daily or weekly "Aging" of your journal receivers.

You can use this command to manage all of your journals, including QAUDJRN and database journals, and to perform an intelligent deletion of old receivers.

Here's a view of the RMVJRNRCV command prompt:



                   Remove Journal Receivers (RMVJRNRCV)

     Type choices, press Enter.

            Journal . . . . . . . . . . . .  ______   Name
              Library . . . . . . . . . . .   *LIBL   Name, *LIBL, *CURLIB
           Journal receiver retain days . .  *NONE    1-999, *NONE
           Journal receivers to retain  . .  *NONE    1-999, *NONE
           Force receiver deletion  . . . .  *NO      *NO, *YES
           Change journal receiver  . . . .  *NO      *NO, *YES
           Journal receiver:
             Journal receiver . . . . . . .  *GEN     Name, *SAME, *GEN
                Library . . . . . . . . . .           Name, *LIBL, *CURLIB
             Journal receiver . . . . . . .           Name, *GEN
                Library . . . . . . . . . .           Name, *LIBL, *CURLIB
            Sequence option . . . . . . . .  *CONT     *CONT, *RESET


The command performs a clean-up process against the specified journal's receiver directory. You can specify the number of journal receivers to retain, the number of days (since detachment), or a combination of both.

Security news and Events


Security Related News for IBM i

State of IBM i Security Study 2015 Released

PowerTech, a division of HelpSystems has announced the release of the 2015 State of IBM i Security Study.

Now in its 12th year, the study includes data from 110 servers and partitions reviewed using PowerTech’s automated assessment tool. The participating organizations spanned a broad range of industries, including finance, healthcare, communication, transportation and others.

You can Download the Free 2015 Security Study Here



Live Security Related Webcasts and Training for IBM i

May Events

PowerTech 2015 State of IBM i Security Study
with Robin Tatam

Live Webcast - Presented by PowerTech
Wednesday, May 20 - 10:00am CDT

Live Hands-On - IBM i, iSeries System Administration and Control Workshop
with Dan Riehl

Training Workshop - May 18-22 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

June Events

Live Hands-On - Security and Vulnerability Assessment Workshop for IBM i
with Dan Riehl

Training Workshop - June 2-5 - Presented by SecureMyi and The 400 School, Inc.
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.

Live Hands-On - IBM i Concepts with Control Language Programming Workshop
with Dan Riehl

Training Workshop - June 15-19 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

Live Hands-On - IBM i, iSeries System Administration and Control Workshop
with Dan Riehl

Training Workshop - June 22-26 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

Live Hands-On - IBM i, iSeries, AS/400 Expanded Security Workshop
with Dan Riehl

Training Workshop - June 29 - July 2 - Presented by SecureMyi and The 400 School, Inc.
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.

July Events

Live Hands-On - QAUDJRN Auditing and Forensic Analysis Workshop for IBM i
with Dan Riehl

Training Workshop - July 7 - 8 - Presented by The 400 School, Inc.
Dan Riehl presents this 2-Day Live Online Hands-on Workshop.

Live Hands-On - Expanded System Operations Workshop for IBM i, iSeries, AS/400
with Dan Riehl

Training Workshop - July 13-17 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

Live Hands-On - Query for i WRKQRY Workshop for Technical Staff and End Users
with Dan Riehl

Training Workshop - July 28 - Presented by The 400 School, Inc.
Dan Riehl presents this Full-Day Live Online Hands-on Workshop.

August Events

Live Hands-On - IBM i, iSeries System Administration and Control Workshop
with Dan Riehl

Training Workshop - August 10-14 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

Security Shorts

QSECURITY Level - The Auditor Fake Out Lesson?

By Dan Riehl - SecureMyi.com

When assessing the security posture of an IBM i server, there are numerous critical focus areas. How are the users configured? How are the permissions assigned? What are the settings for security system values, etc.?

In evaluating security for IBM i, we examine the Security System Values for settings that are outside the norm for a secure system. One prime system value to examine is QSECURITY. QSECURITY specifies the Security Level of the system, a numeric value ranging from 20 to 50, with 50 typically being the most secure, 20 typically being the least secure. (I say "typically" because the security level itself can't be used to determine how secure a system is, only that it can be more secure at a higher security level.)

A security colleague told me about a recent assessment he performed in which the customer's QSECURITY system value was set to the highest value of 50. This was verified using the Display System Value (DSPSYSVAL) command. This setting indicated that someone at the company was certainly paying attention to the security of the system.

But, when reviewing the Security setting that determines if Security Related System Values were correctly locked out from modification, the real truth came out.

The Display Security Attributes (DSPSECA) command can be used to examine the System Service Tools (SST) setting of whether Security System Values are protected from modification. It also shows additional security settings, including the QSECURITY level, as shown here:


                       Display Security Attributes                           
                                                           
 User ID number . . . . . . . . . . . . . . :   591                             
 Group ID number  . . . . . . . . . . . . . :   165                             
 Security level . . . . . . . . . . . . . . :   30                              
   Pending security level . . . . . . . . . :     50                           
 Password level . . . . . . . . . . . . . . :   0                               
 Allow change of security related system                                        
   values . . . . . . . . . . . . . . . . . :   *NO                             
 Allow add of digital certificates  . . . . :   *NO                             
 Allow service tools user ID with default                                       
   and expired password to change its own                                       
   password . . . . . . . . . . . . . . . . :   *NO                             

While the Service Tools setting of "Allow Change of Security Related System Values" was securely set as "*NO," my colleague also noticed that the system wasn't actually running Security Level 50. The DSPSECA display above shows the security level 50 as a "Pending security level" setting. The pending setting showed that the QSECURITY System Value had indeed been changed to level 50, but that the system was still running QSECURITY level 30 until an IPL (i.e., reboot) was performed. This was an IPL that was never going to happen.

In preparation for the upcoming assessment, the customer had set the QSECURITY system value to 50, knowing that the higher security setting wouldn't actually go into effect until an IPL was performed.

The customer sadly acknowledged that the pending setting was an attempt to make the system appear more secure than it actually was and that as soon as the assessment was completed, the system value would be reset to the original security level 30 setting.

Because security level 30 is known to have very serious flaws, the customer wanted to make the system appear to be running at the highest security level of 50. This ruse would have succeeded with a less competent auditor.

If you are running at a Security Level less than 40, you really need to get the level up to at least level 40. For almost all systems I've seen, it's not a huge project to move from QSECURITY level 30 to 40. And the upgrade provides a mountain of additional protection for your system.
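The running-versus-pending comparison described above, as an added example that is not part of the original newsletter: a Python script that parses DSPSECA output saved as text and reports when the value an auditor was shown is not the level the system is running. The function names and the saved-text input are assumptions; the sample reproduces the first fields of the display shown above.

```python
import re

# Constructed sample: the first fields of the DSPSECA display from the article, as text.
DSPSECA_SAMPLE = """\
                       Display Security Attributes

 User ID number . . . . . . . . . . . . . . :   591
 Group ID number  . . . . . . . . . . . . . :   165
 Security level . . . . . . . . . . . . . . :   30
   Pending security level . . . . . . . . . :     50
 Password level . . . . . . . . . . . . . . :   0
 Allow change of security related system
   values . . . . . . . . . . . . . . . . . :   *NO
"""

def parse_dspseca(text):
    """Return {lower-cased label: value}, joining labels wrapped over several lines."""
    fields, wrapped = {}, []
    for line in text.splitlines():
        if not line.strip():
            wrapped = []                      # a blank line ends the title or a label
            continue
        left, sep, right = line.rpartition(":")
        if not sep:
            wrapped.append(line.strip())      # label continues; value is on a later line
            continue
        label = re.sub(r"[ .]+$", "", left).strip()   # drop the dot leaders
        fields[" ".join(wrapped + [label]).lower()] = right.strip()
        wrapped = []
    return fields

def audit(fields, reported_qsecurity=None):
    """Compare the running level with the pending level and with DSPSYSVAL's value."""
    findings = []
    running = int(fields["security level"])
    pending = fields.get("pending security level")
    if pending is not None and int(pending) != running:
        findings.append(f"level {pending} is pending; system still runs level {running}")
    if reported_qsecurity is not None and int(reported_qsecurity) != running:
        findings.append(f"DSPSYSVAL shows {reported_qsecurity}, running level is {running}")
    if running < 40:
        findings.append(f"running level {running} is below 40")
    if fields.get("allow change of security related system values") != "*NO":
        findings.append("security related system values are not locked in SST")
    return running, findings

if __name__ == "__main__":
    level, problems = audit(parse_dspseca(DSPSECA_SAMPLE), reported_qsecurity=50)
    print(f"running security level: {level}")
    for p in problems:
        print(" -", p)
```
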


Copyright 2015 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017